Elements and Performance Criteria
- Plan security audit
  - The scope and objectives of the audit are identified
  - An audit plan is prepared that meets organisational requirements and the objectives of the audit
  - The organisation's information systems to be included in the audit are identified in the audit plan
  - Appropriate personnel are advised of the audit plan and its requirements
  - Possible sources of security risk are identified and prioritised
  - Audit checklist is prepared in accordance with organisational policy and procedures
- Conduct security audit
  - Systems, procedures, records and documents are identified and analysed
  - Audit is conducted in accordance with the audit plan
  - Audit activities are recorded in accordance with the checklist and organisational requirements
  - Situations requiring specialist input are identified and referred for action
  - Situations requiring referral to other areas are identified and referred in a timely manner
- Report on security findings
  - Audit records are maintained in accordance with legislation, policy and procedures
  - Audit report is prepared in accordance with organisational requirements and audit objectives
  - Background and scope of the audit, outcomes and recommendations are included in the report
  - Report is written in a language and style to suit the audience and meets organisational requirements for accuracy and timeliness
  - Recommendations are supported by evidence, and written as actions with responsible person/s identified for implementation